<?php
/* FILE: process_delete_item.php
 * DESCRIPTION: Process called when a user presses a delete button in collection_item_list.php
 * POST DATA: N/A
 * GET DATA: cname (collection name), id (item id)
 */ 
	//Handle the session
	session_start();
	
	include('config.inc');
	include('includes/functions.php');
	
	//Get the item id and collection name
	$itemId = $_GET['id'];
	$collectionName = $_GET['cname'];
	//Check to see if user is owner of collection
	if(getUID($collectionName) == $_SESSION['user_name'])
	{
		$deleteQuery = "DELETE FROM item WHERE item_id = "
			. mysql_real_escape_string($itemId)
			. " AND item_user_id = '"
			. mysql_real_escape_string($_SESSION['user_name'])
			. "';";
		
		$deleteQuery2 = "DELETE FROM "
			. mysql_real_escape_string($collectionName)
			. " WHERE "
			. mysql_real_escape_string(removeUID($collectionName))
			. "_item_id = "
			. mysql_real_escape_string($itemId)
			. ";";
			
		//Run the query
		if(!$query = mysql_query($deleteQuery))
		{
			die($deleteQuery);
		}
		if(!$query = mysql_query($deleteQuery2))
		{
			die($deleteQuery2);
		}
		
		//Update the header
		header('Location: collection_item_list.php?colname=' 
					. $collectionName );
	}
	else
	{
		unset($_SESSION['user_name']);
		header('Location: index.php?err=denied');
	}
?>